CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-68984
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue …

Dec 30, 2025
CVE-2025-68983
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue …

Dec 30, 2025
CVE-2025-68982
5.3 MEDIUM

Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through …

Dec 30, 2025
CVE-2025-68981
5.3 MEDIUM

Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through …

Dec 30, 2025
CVE-2025-68980
5.3 MEDIUM

Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.

Dec 30, 2025
CVE-2025-68979
5.3 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: …

Dec 30, 2025
CVE-2025-68978
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a …

Dec 30, 2025
CVE-2025-68977
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: …

Dec 30, 2025
CVE-2025-68976
5.4 MEDIUM

Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.

Dec 30, 2025
CVE-2025-68975
4.3 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a …

Dec 30, 2025
CVE-2025-68974
6.6 MEDIUM

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP …

Dec 30, 2025
CVE-2025-15245
3.5 LOW

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile …

Dec 30, 2025
CVE-2025-15244
3.7 LOW

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to …

Dec 30, 2025
CVE-2025-15359
9.1 CRITICAL

DVP-12SE11T - Out-of-bound memory write Vulnerability

Dec 30, 2025
CVE-2025-15243
7.3 HIGH

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the …

Dec 30, 2025
CVE-2025-15242
3.1 LOW

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results …

Dec 30, 2025
CVE-2025-15358
7.5 HIGH

DVP-12SE11T - Denial of Service Vulnerability

Dec 30, 2025
CVE-2025-15241
3.5 LOW

A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of …

Dec 30, 2025
CVE-2025-15234
8.8 HIGH

A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes …

Dec 30, 2025
CVE-2025-15103
8.1 HIGH

DVP-12SE11T - Authentication Bypass via Partial Password Disclosure

Dec 30, 2025
CVE-2025-15102
9.1 CRITICAL

DVP-12SE11T - Password Protection Bypass

Dec 30, 2025
CVE-2025-15355
6.1 MEDIUM

ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing …

Dec 30, 2025
CVE-2025-15233
8.8 HIGH

A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument …

Dec 30, 2025
CVE-2025-15232
8.8 HIGH

A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads …

Dec 30, 2025
CVE-2025-15231
8.8 HIGH

A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can …

Dec 30, 2025
CVE-2025-15230
8.8 HIGH

A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the …

Dec 30, 2025
CVE-2025-15229
5.3 MEDIUM

A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation …

Dec 30, 2025
CVE-2025-15222
5.0 MEDIUM

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to …

Dec 30, 2025
CVE-2025-14313
6.1 MEDIUM

The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading …

Dec 30, 2025
CVE-2025-14312
6.1 MEDIUM

The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading …

Dec 30, 2025
CVE-2025-15221
3.5 LOW

A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross …

Dec 30, 2025
CVE-2025-15220
4.3 MEDIUM

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site …

Dec 30, 2025
CVE-2025-15219
3.5 LOW

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The …

Dec 30, 2025
CVE-2025-15218
8.8 HIGH

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST …

Dec 30, 2025
CVE-2025-15217
8.8 HIGH

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation …

Dec 30, 2025
CVE-2025-15216
8.8 HIGH

A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to …

Dec 30, 2025
CVE-2025-15215
8.8 HIGH

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This …

Dec 30, 2025
CVE-2025-69235
7.5 HIGH

Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.

Dec 30, 2025
CVE-2025-69234
9.1 CRITICAL

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.

Dec 30, 2025
CVE-2025-15214
2.4 LOW

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the …

Dec 30, 2025
CVE-2025-69217
7.7 HIGH

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and …

Dec 30, 2025
CVE-2025-15213
4.3 MEDIUM

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the …

Dec 30, 2025
CVE-2025-15212
6.3 MEDIUM

A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the …

Dec 30, 2025
CVE-2025-15211
6.3 MEDIUM

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the …

Dec 30, 2025
CVE-2025-68499
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= …

Dec 30, 2025
CVE-2025-68498
6.5 MEDIUM

Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12.

Dec 30, 2025
CVE-2025-68120
5.4 MEDIUM

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

Dec 30, 2025
CVE-2025-68040
6.5 MEDIUM

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from …

Dec 30, 2025
CVE-2025-68036
7.5 HIGH

Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27.

Dec 30, 2025
CVE-2025-23554
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page …

Dec 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.